User threatening to release mod source code, report the threat or wait until it happens?

There has been a user releasing the source code of mods on the release pages of those mods, one of those was my latest mod. That post was deleted, but on another mod-page where I alerted the author, another user is now threatening to do the same with my mod's source code, on the basis that it isn't against the site's rules.

For obvious reasons, I don't want the source code to my mods out there. I know that some people are happy to release mods as open source but I have chosen not to do so. So should I report the comment that threatens it, or should I wait until it happens and then report that comment?

@LeeC2202 If I remember correctly, the user is just posting code they got from a .NET Decompiler which anybody can do for free. I've been removing the comments at your request, but I'm not totally sure what the problem is. It's the nature of building a .NET mod that it can be decompiled.

By the way it was the same user who registered multiple accounts. I haven't really set any rules about posting source code, but if they keep harassing you I will ban the user.

@rappo I just saw it the same as someone taking a model mod and then releasing an unlocked version on the page of the mod. Or would that be okay as well?

Of course I understand that everything programmed can be decompiled/disassembled... I've been coding since 1982, it's not a new thing. But decompiling/disassembling something is one thing but to then publish that source on the page of the programme/mod is taking it a bit far. I thought that was crossing a line.

@PNWParksFan Thanks, I'll have a look at that... or I'll consider an alternate solution.

Obfuscation is one solution, though it takes me longer to approve those sorts of scripts. This isn't really a concern with @LeeC2202 since I trust his uploads, but if others follow suit then it would increase their approval wait times. Anyway, if the user keeps up the threats or posts the source code please report the comments so I can take a look.

@rappo It also adds to the file size, which is rather worrying... takes my Dirty Cars mod from 8K to 59K for example.

In the grand scheme of things that's probably not too bad and it does seem to be very effective using ConfuserEX... once you learn how it works. I installed a DotPeek trial as well to test and it failed to decompile pretty much everything apart from some basic variable definitions at the start. And the three mods I tried all still worked fine in the game, which was a good sign.

This isn't something I wanted to do and I guess it was naive of me to think that amongst a group of people where some are happy to openly declare they are using cracked versions of the game we are modding, that there wouldn't be at least one who had a selfish streak and a desire to expose other people's work, for no purpose whatsoever.

I'll be completely honest, I'm not a great programmer, I'm an artist by profession and I would be concerned that looking into my code might foster a feeling of distrust about whether my code is stable or not. I don't want to make your life more difficult, but I genuinely feel that this is a good step, for me anyway. Good programmers don't worry about sharing code secrets, I'll never consider myself one of those.

If you are ever in any doubt about anything I upload though, I am more than happy to provide the source code. I hope I never give you reason to distrust me, I hope my history speaks for itself... but if I do, you have my assurance that anything and everything will be provided at your request.

@LeeC2202 @rappo obfuscate or open source. Those are the options, because if you don't obfuscate you've defacto made your plugin open source. I wasn't aware that the administrators actually decompiled scripts as part of the approval process (or otherwise did some kind of inspection to make sure the script is OK). That's probably wise, but we can't expect coders to just leave the door wide open. Besides, if somebody wants to hide malicious files in their plugin, there's 1000 ways to do it. Be selective about what you install. It would be trivial to sneak a small line of code in to a plugin that wouldn't be picked up by a virus scanner or anything but that would just... delete every file on the hard drive just to be a dick. There's only so much we can do to detect these things, at some point you have to make sure your computer is backed up, and think twice before installing a mod from someone you don't trust.

@Frazzlee The thing is, with .NET scripts you have access to everything a normal windows app would have. Registry edits, file manipulation, network communication etc... if you wanted to be blatantly malicious, rather than covertly malicious, it's far too easy. In fact, I could think of several ways to be covertly malicious that would be almost undetectable, and that's through a .Net script mod.

When I was doing J2ME development, obfuscation was a natural part of the process, because Java files were basically the source code anyway, so you had to protect them. I just never thought of it here but then again, this is the first time I have been involved in GTA modding. The only other games I have done mods of any kind for, was ETS2 (I did a trailer creation tool) and a long, long time ago, I did a camera editor for Nascar 2003.

Well .NET is much like Java in that compiled .NET assemblies are practically source code. Now you know at least, and can ensure that your future mods are always obfuscated before uploading them publicly.